CVE-2014-0114: Improper Input Validation
(updated )
Apache Commons BeanUtils does not suppress the class property, which allows remote attackers to “manipulate” the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm
object in Struts
References
Detect and mitigate CVE-2014-0114 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →